Security in the cloud starts with cloud security architecture, which adds security elements to the basic architecture. Traditional security elements include firewalls (FW), anti-malware, and intrusion detection systems (IDS). Cloud auditors, security architects and security engineers are also needed to design secure structures within and through the cloud.
In other words, cloud security architecture is not limited to the hardware or software.
Cloud security architecture begins with risk management. Knowing what could possibly go wrong and how a business could be negatively impacted helps companies make responsible decisions. Three critical areas of discussion are business continuity, supply chain, and physical security.
For instance, what will happen to your business if your cloud provider has a failure? Putting servers, services, and data in the cloud does not eliminate the need for business continuity and/or disaster recovery planning.
What would happen if just anyone could walk into the cloud provider’s data center? At the big three – AWS, GCP and Azure – this would not be easy, but that is the point. They have invested heavily in data center security.
What about other cloud providers? Request a walkthrough of any potential cloud provider’s data center and ask to be involved in an audit. Note their answer. Were they willing to let you check out the data center the next day? If it’s easy to get into the data center, perhaps that provider deserves a second thought.
Smaller cloud providers may not have a physical data center. More likely, they use and effectively resell the capability of the big cloud providers. That is an advantage and part of the beauty of using the cloud. If the relationship between the cloud providers is unknown, additional issues could emerge regarding laws, regulations and contracts. Ask this simple question: Where is my data? If there are multiple levels to the cloud provider, the answer could be hard to determine. There could also be legal consequences, such as an issue with the European General Data Protection Regulation (GDPR).
The elements that comprise a business’s cloud security architecture may include cloud security services as well. It is possible to purchase services like data leak prevention as a service (DLPaaS). Other tools assist with security, such as a scanning tool that searches for personally identifiable information so it can be secured properly. Cloud security management is necessary to ensure that these services are working as they should.